sc.exe config "Service Name" obj= "DOMAIN\User" password= "password" not working

Question

I want to set password for a service from the cmd. I got the option

sc.exe config "Service Name" obj= "DOMAIN\User" password= "password"

When I execute, its showing "[SC] ChangeServiceConfig SUCCESS" and if I start the service I am getting

"Windows could not start the service1 service on Local Computer. Error 1069: The service did not start due to a logon failure."

I searched and got the below link Using SC.exe to set service credentials password fails

My password doesn't consist of special character.

What's the option to do that?

Answer 1

If you face The account YourDomain\YourUser has been granted the Log On As a Service right, you should execute powershell script link AddLogonasaService and this is nothing to do with your password. It's a right/permission for an user to run the service.

Am embedding the code for your reference. You can refer that URL as well.

param($accountToAdd)
 #written by Ingo Karstein, http://blog.karstein-consulting.com
 #  v1.0, 01/03/2014

 ## <--- Configure here

 if( [string]::IsNullOrEmpty($accountToAdd) ) {
    Write-Host "no account specified"
    exit
 }

 ## ---> End of Config

 $sidstr = $null
 try {
    $ntprincipal = new-object System.Security.Principal.NTAccount "$accountToAdd"
    $sid = $ntprincipal.Translate([System.Security.Principal.SecurityIdentifier])
    $sidstr = $sid.Value.ToString()
 } catch {
    $sidstr = $null
 }

 Write-Host "Account: $($accountToAdd)" -ForegroundColor DarkCyan

 if( [string]::IsNullOrEmpty($sidstr) ) {
    Write-Host "Account not found!" -ForegroundColor Red
    exit -1
 }

 Write-Host "Account SID: $($sidstr)" -ForegroundColor DarkCyan

 $tmp = [System.IO.Path]::GetTempFileName()

 Write-Host "Export current Local Security Policy" -ForegroundColor DarkCyan
 secedit.exe /export /cfg "$($tmp)" 

 $c = Get-Content -Path $tmp 

 $currentSetting = ""

 foreach($s in $c) {
    if( $s -like "SeServiceLogonRight*") {
        $x = $s.split("=",[System.StringSplitOptions]::RemoveEmptyEntries)
        $currentSetting = $x[1].Trim()
    }
 }

 if( $currentSetting -notlike "*$($sidstr)*" ) {
    Write-Host "Modify Setting ""Logon as a Service""" -ForegroundColor DarkCyan

    if( [string]::IsNullOrEmpty($currentSetting) ) {
        $currentSetting = "*$($sidstr)"
    } else {
        $currentSetting = "*$($sidstr),$($currentSetting)"
    }

    Write-Host "$currentSetting"

    $outfile = @"
 [Unicode]
 Unicode=yes
 [Version]
 signature="`$CHICAGO`$"
 Revision=1
 [Privilege Rights]
 SeServiceLogonRight = $($currentSetting)
 "@

    $tmp2 = [System.IO.Path]::GetTempFileName()


    Write-Host "Import new settings to Local Security Policy" -ForegroundColor DarkCyan
    $outfile | Set-Content -Path $tmp2 -Encoding Unicode -Force

    #notepad.exe $tmp2
    Push-Location (Split-Path $tmp2)

    try {
        secedit.exe /configure /db "secedit.sdb" /cfg "$($tmp2)" /areas USER_RIGHTS 
        #write-host "secedit.exe /configure /db ""secedit.sdb"" /cfg ""$($tmp2)"" /areas USER_RIGHTS "
    } finally { 
        Pop-Location
    }
 } else {
    Write-Host "NO ACTIONS REQUIRED! Account already in ""Logon as a Service""" -ForegroundColor DarkCyan
 }

 Write-Host "Done." -ForegroundColor DarkCyan

To set the identity for services, I have used a vbscript

Set colServiceList = objWMIService.ExecQuery _
("Select * from Win32_Service where Name = 'Servicename'")
For Each objservice in colServiceList   
errReturn = objService.Change( , , , , , ,WScript.Arguments.Item(0),   WScript.Arguments.Item(1)) 
objService.StartService()   
Next

Where WScript.Arguments.Item(0) is the username arg and WScript.Arguments.Item(1) is password.